package com.yuntsg.nnsfcp.xss;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * xss攻击过滤器
 *
 * @author ：ljx
 * @date ：Created in 2019/11/10
 */
//@WebFilter(filterName = "xssFilter", urlPatterns = "/*")
public class XssFilter implements Filter {


    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        System.out.println("++++++++++进入了过滤器++++++++++");

        //过滤其他资源
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String path = httpRequest.getServletPath();

        System.out.println(path);
        String[] exclusionsUrls = {".js", ".gif", ".jpg", ".png", ".css", ".ico"};
        for (String str : exclusionsUrls) {
            if (path.contains(str)) {
                chain.doFilter(request, response);
                return;
            }
        }

        //实例化过滤器
        XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper(
                (HttpServletRequest) request);
        //chain.doFilter(request,response);
        chain.doFilter(xssRequest, response);
    }

    @Override
    public void destroy() {

    }
}
